As everything is in place for authentication, we will now prepare the *TLS* prerequisites.

As everything is in place for authentication, we will now prepare the *TLS* prerequisites.

Instead of generating a self-signed certificate, I use to rely on (CACert)[http://www.cacert.org/], "a community driven, Certificate Authority that issues certificates to the public at large for free." (from CACert.org).

Instead of generating a self-signed certificate, I use to rely on [CACert](http://www.cacert.org/), "a community driven, Certificate Authority that issues certificates to the public at large for free." (from CACert.org).

Once you have generated your server's private key with *CSRGenerator* and received your server certificate from CACert, simply copy them to */etc/mail/certs*, along with (CACert root certificate)[http://www.cacert.org/certs/root.crt]. Make sure your private key has strict permissions, *sendmail* will refuse to start if it is readable by everyone.

Once you have generated your server's private key with *CSRGenerator* and received your server certificate from CACert, simply copy them to */etc/mail/certs*, along with [CACert root certificate](http://www.cacert.org/certs/root.crt). Make sure your private key has strict permissions, *sendmail* will refuse to start if it is readable by everyone.